Tuesday, February 2, 2010

Computer & Virus

Computer Virus

Acronym Definition
VIRUS Very Important Resource Under Siege (slang)
VIRUS Vital Information Resources Under Siege (slang)


Computer Virus

Computer virus, rogue computer program, typically a short program designed to disperse copies of itself to other computers and disrupt those computers' normal operations. A computer virus usually attaches itself to, or inserts itself into, an executable file or the boot sector (the area that contains the first instructions executed by a computer when it is started or restarted) of a disk; those that infect both files and boot records are called bimodal viruses. Although some viruses are merely disruptive, others can destroy or corrupt data or cause an operating system or applications program to malfunction. Computer viruses are spread via floppy disks, networks, or on-line services. Several thousand computer viruses are known, and on average three to five new strains are discovered every day. Virus programs can also infect advanced cellular telephones.


Main Types of Viruses

Boot viruses: These viruses infect floppy disk boot records or master boot records in hard disks. They replace the boot record program (which is responsible for loading the operating system into memory), either copying it elsewhere on the disk or overwriting it. Boot viruses load into memory if the computer tries to read the disk while it is booting.
Examples: Form, Disk Killer, Michelangelo, and Stone virus

Program viruses: These infect executable program files, such as those with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are loaded in memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk.
Examples: Sunday, Cascade

Multipartite viruses: A hybrid of Boot and Program viruses. They infect program files, and when the infected program is executed, these viruses infect the boot record. The next time you boot the computer, the virus loads into memory from the boot record and then starts infecting other program files on disk.
Examples: Invader, Flip, and Tequila

Stealth viruses: These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file’s size shown in the directory listing. For instance, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory.
Examples: Frodo, Joshi, Whale

Polymorphic viruses: A virus that can encrypt its code in different ways so that it appears differently in each infection. These viruses are more difficult to detect.
Examples: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud, Virus 101

Macro Viruses: A macro virus is a new type of computer virus that infects the macros within a document or template. When you open a word processing or spreadsheet document, the macro virus is activated and it infects the Normal template (Normal.dot), a general-purpose file that stores default document formatting settings. Every document you open refers to the Normal template, and hence gets infected with the macro virus. Since this virus attaches itself to documents, the infection can spread if such documents are opened on other computers.

Examples: DMV, Nuclear, Word Concept.

Active X: ActiveX and Java controls will soon be the scourge of computing. Most people do not know how to configure their web browser to enable or disable functions such as playing sound or video, and so, by default, they leave a nice big hole in their security by allowing applets free run of their machine. There has been a lot of commotion about this, and with the amount of power that Java imparts, things look a bit gloomy from the security angle.

These are just a few broad categories. There are many more specialized types. But let us not go into that. We are here to learn to protect ourselves, not write a thesis on computer virus specification.
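
A defensive check for the boot viruses described above, added here as an example and not part of the original post: it fingerprints a classic 512-byte master boot record and reports changes against a known-good baseline. The 446/64/2-byte split is the standard MBR layout; the sector contents and function names are constructed for illustration.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_END = 446            # bytes 0..445: bootstrap code in a classic MBR
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 mark a bootable record


def fingerprint(sector):
    """Hash the bootstrap code and the partition table separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    return {
        "code": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "table": hashlib.sha256(sector[BOOT_CODE_END:510]).hexdigest(),
        "bootable": sector[510:512] == BOOT_SIGNATURE,
    }


def compare(baseline, sector):
    """Return a list of findings; an empty list means the record matches."""
    current = fingerprint(sector)
    findings = []
    if not current["bootable"]:
        findings.append("boot signature 55 AA missing")
    if current["code"] != baseline["code"]:
        findings.append("bootstrap code changed")
    if current["table"] != baseline["table"]:
        findings.append("partition table changed")
    return findings


def make_sector(code_byte, table_byte=0x00):
    """Constructed 512-byte sector filled with placeholder bytes."""
    return (bytes([code_byte]) * BOOT_CODE_END
            + bytes([table_byte]) * 64 + BOOT_SIGNATURE)


if __name__ == "__main__":
    known_good = make_sector(0x90)
    baseline = fingerprint(known_good)   # taken while the disk is trusted
    print(compare(baseline, known_good))
    print(compare(baseline, make_sector(0xCC)))
```

Because stealth viruses can redirect reads of the sector they occupy, the sector being compared should be read while the machine is booted from clean media.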

Why do people create computer viruses?
Unlike biological viruses, computer viruses do not simply evolve by themselves. Computer viruses do not come into existence spontaneously, nor are they likely to be created by bugs in regular programs. They are deliberately created by programmers, or by people who use virus creation software. Computer viruses can only do what the programmers have programmed them to do.
Virus writers can have various reasons for creating and spreading malware. Viruses have been written as research projects, pranks, vandalism, to attack the products of specific companies, to distribute political messages, and for financial gain from identity theft, spyware, and cryptoviral extortion. Some virus writers consider their creations to be works of art, and see virus writing as a creative hobby. Additionally, many virus writers oppose deliberately destructive payload routines. Many writers consider the systems they attack an intellectual challenge or a logical problem to be solved; this multiplies when a cat-and-mouse game is anticipated against anti-virus software. Some viruses were intended as "good viruses". They spread improvements to the programs they infect, or delete other viruses. These viruses are, however, quite rare, still consume system resources, may accidentally damage systems they infect, and, on occasion, have become infected and acted as vectors for malicious viruses. A poorly written "good virus" can also inadvertently become a virus in and of itself (for example, such a "good virus" may misidentify its target file and delete an innocent system file by mistake). Moreover, they normally operate without asking for the permission of the computer owner. Since self-replicating code causes many complications, it is questionable if a well-intentioned virus can ever solve a problem in a way that is superior to a regular program that does not replicate itself. In short, no single answer is likely to cover the broad demographic of virus writers.

Anti-virus software and other preventative countermeasures

There are two common methods that an anti-virus software application uses to detect viruses. The first, and by far the most common, method of virus detection is using a list of virus signature definitions. The disadvantage of this detection method is that users are only protected from viruses that pre-date their last virus definition update. The second method is to use a heuristic algorithm to find viruses based on common behaviors. This method has the ability to detect viruses that anti-virus security firms have yet to create a signature for.
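
The signature method and its update gap, as an added example that is not part of the original post: a small scanner that matches byte signatures against buffers and shows a sample going undetected until the definitions list is updated. The signature names, byte patterns, "??" wildcard notation and sample buffers are all constructed and harmless.

```python
import re

# Constructed byte patterns standing in for vendor signature definitions.
# "??" matches any single byte, to tolerate small variations.
DEFINITIONS_V1 = {"Demo.BootA": "DE AD ?? EF 13 37"}
DEFINITIONS_V2 = dict(DEFINITIONS_V1, **{"Demo.FileB": "CA FE BA BE ?? ?? 90 90"})


def compile_signature(hex_pattern):
    """Turn 'DE AD ?? EF' into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data, definitions):
    """Return (name, offset) for every signature hit, ordered by offset."""
    hits = []
    for name, pattern in definitions.items():
        for match in compile_signature(pattern).finditer(data):
            hits.append((name, match.start()))
    return sorted(hits, key=lambda hit: (hit[1], hit[0]))


# Constructed sample buffers (not real malware).
SAMPLE_A = b"\x00" * 8 + bytes.fromhex("DEAD42EF1337") + b"\x00" * 4
SAMPLE_B = b"MZ" + b"\x00" * 14 + bytes.fromhex("CAFEBABE01029090")
CLEAN = b"plain text document with nothing unusual in it"

if __name__ == "__main__":
    print("A with v1:", scan(SAMPLE_A, DEFINITIONS_V1))
    print("B with v1:", scan(SAMPLE_B, DEFINITIONS_V1))  # missed: no definition yet
    print("B with v2:", scan(SAMPLE_B, DEFINITIONS_V2))  # caught after the update
    print("clean with v2:", scan(CLEAN, DEFINITIONS_V2))
```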

Many users install anti-virus software that can detect and eliminate known viruses after the computer downloads or runs the executable. They work by examining the content heuristics of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives), and comparing those files against a database of known virus "signatures". Some anti-virus programs are able to scan opened files in addition to sent and received emails 'on the fly' in a similar manner. This practice is known as "on-access scanning." Anti-virus software does not change the underlying capability of host software to transmit viruses. There have been attempts to do this but adoption of such anti-virus solutions can void the warranty for the host software. Users must therefore update their software regularly to patch security holes. Anti-virus software also needs to be regularly updated in order to gain knowledge about the latest threats.
One may also prevent the damage done by viruses by making regular backups of data (and the operating systems) on different media that are either kept unconnected to the system (most of the time), read-only or not accessible for other reasons, such as using different file systems. This way, if data is lost through a virus, one can start again using the backup (which should preferably be recent). If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus. Likewise, an operating system on a live CD can be used to start the computer if the installed operating systems become unusable. Another method is to use different operating systems on different file systems. A virus is not likely to affect both. Data backups can also be put on different file systems. For example, Linux requires specific software to write to NTFS partitions, so if one does not install such software and uses a separate installation of MS Windows to make the backups on an NTFS partition (and preferably only for that reason), the backup should remain safe from any Linux viruses. Likewise, MS Windows cannot read file systems like ext3, so if one normally uses MS Windows, the backups can be made on an ext3 partition using a Linux installation.

Recovery Methods

Once a computer has been compromised by a virus, it is usually unsafe to continue using the same computer without completely reinstalling the operating system. However, there are a number of recovery options that exist after a computer has a virus. These actions depend on the severity of the type of virus.

OPERATING SYSTEM

An operating system is an integrated set of programs that is used to manage the various resources and overall operations of a computer system. Its prime objective is to improve the performance and efficiency of a computer system and to increase the ease with which the system can be used, much like the manager of a company.

Operating systems run in an infinite loop, each time taking instructions in the form of commands or programs from the users and executing them. This loop continues until the user terminates the loop when the computer shuts down. This is one program that runs all the time, as long as the computer is operational and exits only when the computer is shut down.


TYPES OF OPERATING SYSTEM


1. Batch Processing Systems
2. Multiprogramming Operating system
3. Network Operating System
4. Distributed Operating System






BATCH OPERATING SYSTEM:-

A batch processing system serves a collection of jobs, called a BATCH. It requires grouping of similar jobs, which consist of programs, data and system commands. Such systems work by sequentially reading the jobs into the machine and then executing the programs for each job in the batch. Examples of such programs include Payroll, Forecasting etc. Users are not required to wait while the job is being processed. They can submit their programs to operators and return later to collect them. For example, when a job requests the printer to output a line, that line is copied into a system buffer and is written to the disk. When the job is completed, the output is actually printed. This form of processing is called SPOOLING.


MULTIPROGRAMMING OPERATING SYSTEM

In computer systems, there may be various jobs running simultaneously, and the system must then choose among them. In a multiprogramming operating system, the operating system simply switches to and executes another job. When that job needs to wait, the CPU is switched to another job, and so on. Eventually, the first job finishes waiting and gets the CPU back. As long as there is always some job to execute, the CPU will never be idle. Multiprogramming operating systems increase CPU utilization by organizing jobs such that the CPU always has one to execute.


Different forms of multiprogramming operating system are:-


 Multitasking operating system:- The concurrent operation by one Central Processing Unit of two or more processes. The ability to execute more than one task at the same time. In multitasking, only one CPU is involved, but it switches from one program to another so quickly that it gives the appearance of executing all of the programs at the same time.

There are two basic types of multitasking:-

1. PREEMPTIVE and
2. COOPERATIVE.


 Multiprocessing Operating System:- Refers to a computer system's ability to support more than one process (program) at the same time. Multiprocessing operating systems enable several programs to run concurrently. UNIX is one of the most widely used multiprocessing systems. It also refers to the utilization of multiple CPUs in a single computer system. This is also called Parallel Processing. Thus, it is a method of computing in which different parts of a task are distributed between two or more similar Central Processing Units, allowing the computer to complete operations more quickly and to handle larger, more complex procedures.


 Multi-threading Operating System:- Multi-threading allows different parts of a single program to run concurrently. Multi-threading is the ability of an operating system to execute different parts of a program, called threads, simultaneously. The programmer must carefully design the program in such a way that all the threads can run at the same time without interfering with each other.


 Time Sharing Operating System:- It is a form of multiprogrammed operating system which operates in an interactive mode with a quick response time. A time-sharing system allows many users to simultaneously share the computer resources. Since each action or command in a time-shared system takes a very small fraction of time, only a little time is needed for each user.
